OpenID Server for Self-Sovereign Identity Project
================================================================================

# Key Requirements

1. Implement an OpenID Connect identity provider that works with SSI.
2. Allow users with Self-Sovereign IDs (SSI) to identify without the use of a
password.
3. Disable user/password-base authentication.

# Why

1. Leverage existing OpenID infrastructure to extend the use of SSI for servers
that have OpenID but not SSI.

# Stories

1. SSI users want to sign on to a website that has OpenID, but does not
currently support SSI.

# Nice-to-haves

* Log what remote systems have used the ID provider at authentication-time for
a given user.

## Additional sibling project ideas

* Implement a meta project in ansible to install on a web server.
* Implement an SSI client via the CLI.
* Implement an identity layer library for application-layers to call instead of a
library over the transport-layer. This would use, but hide TLS, for example.

# Suggestions

* Reuse an existing implementation of an OpenID Connect IP provider.
* The sibling project for an SSI application currently remains in progress. So
until then, this project might benefit from a thin client for SSI that runs from
the terminal.
* While some aspnet and java version exist, and could have good design, stick
with a language framework from a more freedom respecting company.

# FAQ

## Aren't OpenID and OAuth two different things?

OpenID Connect (basically v3) is a layer on top OAuth.  

# References

* [OpenID Connect](https://openid.net/connect/)
* [OpenIddict](https://github.com/openiddict/openiddict-core) - active ASP.NET Core implementation
* [MITREid Connect](https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server) - active Java Spring implementation
* [A Python OpenID Connect implementation](https://github.com/OpenIDC/pyoidc) - active and the name says it all
